Could someone help me with Dovecot AD integration PAM setup?
Kaya Saman
kayasaman at gmail.com
Fri Jun 22 08:44:28 UTC 2012
Hi,
I'm trying to authenticate Dovecot to Active Directory using the
SAMBA/Winbind method, and so far everything in my setup seems to be
working apart from the Dovecot authentication, which I believe I have
traced to PAM.
I can log in using an AD account using:
wbinfo -K <user>
# wbinfo -K <user>
Enter <user>'s password:
plaintext kerberos password authentication for [<user>] succeeded (requesting cctype: FILE)
This is the current Dovecot config:
# cat dovecot.conf
# v1.1:
#auth_ntlm_use_winbind = yes
# v1.2+:
auth_use_winbind = yes
auth_winbind_helper_path = /usr/local/bin/ntlm_auth
protocols = imap
# It's nice to have separate log files for Dovecot. You could do this
# by changing syslog configuration also, but this is easier.
log_path = /var/log/dovecot.log
info_log_path = /var/log/dovecot-info.log
# Disable SSL for now.
ssl = no
disable_plaintext_auth = no
# We're using Maildir format
#mail_location = maildir:~/Maildir
mail_location = mbox:/mail:INBOX=/mail/%u
# If you're using POP3, you'll need this:
#pop3_uidl_format = %g
# Authentication configuration:
auth_verbose = yes
auth_debug = yes
auth_username_format = %n
auth_mechanisms = plain ntlm login
userdb {
driver = static
args = uid=501 gid=501 home=/mail/%u
driver = static
}
passdb {
driver = pam
}
Here is a "test" login attempt:
# telnet localhost 143
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN AUTH=NTLM AUTH=LOGIN] Dovecot ready.
a login <user> <password>
a NO [AUTHENTICATIONFAILED] Authentication failed.
b logout
* BYE Logging out
b OK Logout completed.
- of course the proper credentials were put in.....
Here are the details of pam.d/imap:
# cat imap
#
# $FreeBSD: src/etc/pam.d/imap,v 1.7.10.1.6.1 2010/12/21 17:09:25 kensmith Exp $
#
# PAM configuration for the "imap" service
#
# auth
auth sufficient pam_winbind.so no_warn try_first_pass debug
#auth sufficient pam_ssh.so no_warn try_first_pass
auth required pam_unix.so no_warn try_first_pass
# account
#account required pam_nologin.so
account required pam_unix.so
#account required pam_winbind.so
I also attempted a change in pam.d/system:
# cat system
#
# $FreeBSD: src/etc/pam.d/system,v 1.1.32.1.6.1 2010/12/21 17:09:25 kensmith Exp $
#
# System-wide defaults
#
# auth
auth sufficient pam_opie.so no_warn no_fake_prompts
auth requisite pam_opieaccess.so no_warn allow_local
auth sufficient pam_krb5.so no_warn try_first_pass
#auth sufficient pam_ssh.so no_warn try_first_pass
auth required pam_unix.so no_warn try_first_pass nullok
# account
account required pam_krb5.so
account required pam_login_access.so
account required pam_unix.so
# session
#session optional pam_ssh.so
session required pam_lastlog.so no_fail
# password
password sufficient pam_krb5.so no_warn try_first_pass
password required pam_unix.so no_warn try_first_pass
Which doesn't let me log in to the Dovecot service :-(
The dovecot.log file shows this:
Jun 20 11:30:40 master: Warning: Killed with signal 15 (by pid=4149 uid=0 code=kill)
Jun 20 11:30:48 auth: Fatal: No passdbs specified in configuration file. LOGIN mechanism needs one
Jun 20 11:30:48 master: Error: service(auth): command startup failed, throttling for 2 secs
Jun 20 11:30:59 master: Warning: Killed with signal 15 (by pid=4182 uid=0 code=kill)
Jun 20 11:31:13 auth: Fatal: No passdbs specified in configuration file. LOGIN mechanism needs one
Jun 20 11:31:13 master: Error: service(auth): command startup failed, throttling for 2 secs
Jun 20 11:32:38 master: Warning: Killed with signal 15 (by pid=4245 uid=0 code=kill)
Jun 20 11:32:58 imap-login: Warning: Auth connection closed with 1 pending requests (max 0 secs, pid=4265, EOF)
Jun 20 11:32:58 auth: Fatal: master: service(auth): child 4266 killed with signal 11 (core not dumped - set service auth { drop_priv_before_exec=yes })
Jun 20 11:46:21 master: Warning: Killed with signal 15 (by pid=4318 uid=0 code=kill)
Jun 20 11:46:42 auth-worker(4340): Error: pam(<user>,127.0.0.1): pam_authenticate() failed: authentication error (/etc/pam.d/dovecot missing?)
Jun 20 11:46:55 auth: Error: Got NTLMSSP neg_flags=0xa2088207
Jun 20 11:46:55 auth: Error: Got user=[<user>] domain=[] workstation=[WKS-42] len1=24 len2=270
Jun 20 11:46:55 auth: Error: Login for user []\[<user>]@[WKS-42] failed due to [Reading winbind reply failed!]
Jun 20 11:49:47 master: Warning: Killed with signal 15 (by pid=4400 uid=0 code=kill)
Jun 20 11:49:53 auth: Fatal: passdb imap: Missing host parameter
Jun 20 11:49:53 master: Error: service(auth): command startup failed, throttling for 2 secs
Jun 20 11:50:10 master: Warning: Killed with signal 15 (by pid=4439 uid=0 code=kill)
Jun 20 11:50:22 auth-worker(4461): Error: pam(<user>,127.0.0.1): pam_authenticate() failed: authentication error (/etc/pam.d/dovecot missing?)
Jun 20 11:51:19 master: Warning: Killed with signal 15 (by pid=4479 uid=0 code=kill)
Jun 20 11:52:14 master: Warning: Killed with signal 15 (by pid=4647 uid=0 code=kill)
Jun 20 12:26:12 master: Warning: Killed with signal 15 (by pid=1349 uid=0 code=kill)
Jun 20 12:26:32 auth-worker(1371): Error: pam(<user>,127.0.0.1): pam_authenticate() failed: authentication error (/etc/pam.d/dovecot missing?)
Jun 20 12:40:20 master: Warning: Killed with signal 15 (by pid=1436 uid=0 code=kill)
Jun 20 12:40:39 auth-worker(1458): Error: pam(<user>,127.0.0.1): pam_authenticate() failed: authentication error (/etc/pam.d/dovecot missing?)
Jun 20 13:06:03 master: Warning: Killed with signal 15 (by pid=1653 uid=0 code=kill)
Jun 20 13:07:37 auth-worker(1222): Error: pam(<user>,127.0.0.1): pam_authenticate() failed: authentication error (/etc/pam.d/dovecot missing?)
Jun 20 15:05:11 master: Warning: Killed with signal 15 (by pid=91263 uid=0 code=kill)
Jun 22 10:02:03 master: Warning: Killed with signal 15 (by pid=38998 uid=0 code=kill)
Jun 22 10:04:08 auth-worker(1229): Error: pam(<user>,127.0.0.1): pam_authenticate() failed: authentication error (/etc/pam.d/dovecot missing?)
Jun 22 10:10:47 master: Warning: Killed with signal 15 (by pid=1394 uid=0 code=kill)
Jun 22 10:12:36 auth-worker(1218): Error: pam(<user>,127.0.0.1): pam_authenticate() failed: authentication error (/etc/pam.d/dovecot missing?)
Jun 22 10:20:57 auth-worker(1232): Error: pam(<user>,127.0.0.1): pam_authenticate() failed: authentication error (/etc/pam.d/dovecot missing?)
Can anybody help me with this?
Regards,
Kaya
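
Added example, not part of the original post: a check that compares the PAM service name a Dovecot `passdb { driver = pam }` block will request against the pam.d files that exist, using the passdb block and the two pam.d file names shown above. The function names and the file listing are constructed for illustration; the only Dovecot behaviour assumed is that a pam passdb with no service argument asks for the service "dovecot" and that "%s" expands to the protocol name.

```python
import re

# Constructed sample: the protocols and passdb lines from the dovecot.conf in the post.
SAMPLE_CONF = """\
protocols = imap
passdb {
  driver = pam
}
"""

DEFAULT_SERVICE = "dovecot"  # service requested when the pam passdb names none


def pam_services(conf_text):
    """Return the PAM service names each 'driver = pam' passdb will ask for."""
    protocols = ["imap"]
    m = re.search(r"^\s*protocols\s*=\s*(.+)$", conf_text, re.M)
    if m:
        protocols = m.group(1).split()
    services = []
    for block in re.findall(r"^\s*passdb\s*\{(.*?)^\s*\}", conf_text, re.M | re.S):
        settings = {}
        for line in block.splitlines():
            line = line.split("#", 1)[0].strip()  # drop comments
            if "=" in line:
                key, value = line.split("=", 1)
                settings[key.strip()] = value.strip()
        if settings.get("driver") != "pam":
            continue
        # key=value tokens are options (session=yes, ...); a bare token is the service
        names = [t for t in settings.get("args", "").split() if "=" not in t]
        name = names[-1] if names else DEFAULT_SERVICE
        services.extend(protocols if name == "%s" else [name])
    return services


def missing_pam_files(conf_text, present_files):
    """Services Dovecot will request that have no matching pam.d file."""
    return [s for s in pam_services(conf_text) if s not in present_files]


if __name__ == "__main__":
    # Constructed listing: the two pam.d files edited in the post.
    print(missing_pam_files(SAMPLE_CONF, {"imap", "system"}))
```

With the configuration as posted, the requested service is "dovecot", which matches the "(/etc/pam.d/dovecot missing?)" hint in the log rather than the edited pam.d/imap file.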